Skip to content

Minimize the attack footprint #6

Description

@disconsis

Basically, make the attack as sneaky as possible.
It probably won't fool an IDS anytime soon (it is just an ARP spoof ffs), but I'd like to not make the attack completely obvious to anyone who happens to have Wireshark open at the time.
That said, this is more of a stretch goal than anything else, and this issue will be around for quite some time.

  • For starters, I'd like to not send ARP replies to everyone on the subnet when there's only a few targets. So no broadcast ARP replies.
  • Find hosts that might be monitoring the attack and "deal" with them (Find hosts potentially monitoring the attack #4)
  • Add options to change delays between steps.

More tasks will be added here as I learn about other methods of ARP spoofing detection.

Metadata

Metadata

Assignees

No one assigned

    Labels

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions